Difference between revisions of "PHASTA Group Machines"

From PHASTA Wiki
Jump to: navigation, search
(Setting Up Two-Factor Authentication)
(Machines)
 
(20 intermediate revisions by one other user not shown)
Line 3: Line 3:
 
== Logging In ==
 
== Logging In ==
  
The entry point for the group machines is <code>jumpgate</code>, which is accessed publicly via <code>jumpgate-phasta.colorado.edu</code>. To access the system via command line, simply run <code>ssh USERNAME@jumpgate-phasta.colorado.edu</code>.
+
The entry point for the group machines is <code>jumpgate</code>, which is accessed publicly via <code>jumpgate-phasta.colorado.edu</code>. We access this entry point by creating an SSH connection between it and our personal machines. To access the system via command line (terminal, command prompt, etc), simply run <code>ssh USERNAME@jumpgate-phasta.colorado.edu</code>. Note: if you are using Windows 8 or older, you will need to download and install an SSH client such as [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY], and follow the directions specified as '''Windows 8'''.
  
In the command line terminal, the login process will look like the following:
+
This [https://fluid.colorado.edu/tutorials/tutorialVideos/VNC_tutorial.mov video] walks you through the multiple next steps you will take in order to access and interact with the PHASTA machines. wThe steps in the video are more thoroughly documented in the remainder of this page and the [[VNC]] page of the wiki.
 +
 
 +
To get started, open a command line terminal, enter <code>ssh USERNAME@jumpgate-phasta.colorado.edu</code>, and the login process will look like the following:
  
 
  ➜ ssh USERNAME@jumpgate-phasta.colorado.edu  
 
  ➜ ssh USERNAME@jumpgate-phasta.colorado.edu  
Line 11: Line 13:
 
  Verification code:
 
  Verification code:
  
where the <code>Password:</code> and <code>Verification code:</code> are prompts for you to enter in your password and 2FA pass code. Note this request for a verification code will not start occurring until after you setup 2fa as noted below.
+
'''**Windows 8**'''
 +
Open your PuTTY application and enter the following in the field that says "Host name:"
 +
  <code>USERNAME@jumpgate-phasta.colorado.edu</code>
 +
Next make sure that Connection type is set to "SSH". Click on "Open". This will start a terminal window session connected to jumpgate that will have the
 +
same output as the non-windows 8 instructions above.
 +
 +
 
 +
where the <code>Password:</code> and <code>Verification code:</code> are prompts for you to enter in your password and 2FA pass code. Note the 2FA request for a verification code will not start occurring until after you setup 2fa as noted below.
  
 
Very little can/should be done on <code>jumpgate</code>.  The most common use is to establish a tunnel for a VNC session. The second usage that must be done to set that up is connecting to <code>portal1</code>. This is done via <code>ssh portal1</code> while on <code>jumpgate</code>.
 
Very little can/should be done on <code>jumpgate</code>.  The most common use is to establish a tunnel for a VNC session. The second usage that must be done to set that up is connecting to <code>portal1</code>. This is done via <code>ssh portal1</code> while on <code>jumpgate</code>.
  
 
=== Setting Up Two-Factor Authentication ===
 
=== Setting Up Two-Factor Authentication ===
Due to recent brute force ssh attacks we are moving to using two factor authentication (2FA). Existing users will have one week to switch over to this process.  New users are expected to do this within 24 hours.  This is pretty easy to setup as follows (from a terminal in your mac or linux laptop (and Windows if new enough)) or using PuTTY. All commands to be run are in <code>''italics''</code>.
+
Due to recent brute force ssh attacks we are moving to using two factor authentication (2FA). Existing users will have one week to switch over to this process.  New users are expected to do this within 24 hours.  This is pretty easy to setup as follows (from a terminal in your mac or linux laptop (and Windows if new enough)) or using PuTTY. All commands to be run are will be in <code>code</code> block. If you have not already established a connection with jumpgate (from the previous steps above), open a new terminal on your personal computer and enter the following:
  
  ''ssh USERNAME@jumpgate-phasta.colorado.edu''
+
  <code>ssh USERNAME@jumpgate-phasta.colorado.edu</code>
  
This will prompt for your ''password'' (the private password you set or, if this is your first login the one in the account creation email).
+
This will prompt for your ''password'' (the private password you set or, if this is your first login, the one in the account creation email). Enter your password to log in. We will refer to this terminal as "Primary terminal" for the remainder of these instructions.  
  
Next you need to download and install an authenticator application either for your computer or phone. There are several from Google, Microsoft, Twilio, etc. Launch that application on your phone or computer. In whatever mode it uses to create a new token generator, do that (often it opens with a QR code scanner enabled as it knows that is the easiest way to link the phone application to the QR scan created on the machine you are trying to access).
+
Next you need to download and install an authenticator application either for your computer or phone. There are several from Google, Microsoft, Twilio, etc (Google Authenticator works great). Launch that application on your phone or computer. In whatever mode it uses to create a new token generator, do that (often it opens with a QR code scanner enabled as it knows that is the easiest way to link the phone application to the QR scan created on the machine you are trying to access).
  
Before moving forward, it is recommended that you start a second terminal connection to <code>jumpgate</code> by repeating the ssh command above. If at any point you want/need to reset, simply run <code>''rm -rf ~/.google_authenticator''</code> in that second ssh session.
+
Before moving forward, start a second terminal connection to <code>jumpgate</code> by repeating the process above for establishing an ssh connection (PuTTY steps for Windows 8 users). We will refer to this second terminal connection as our "backup terminal". If at any point you want/need to reset, simply run <code>''rm -rf ~/.google_authenticator''</code> in the backup terminal.
  
In your <code>jumpgate</code> terminal on your laptop type:
+
Now, in your primary <code>jumpgate</code> terminal on your laptop type and enter:
  
  ''google-authenticator''
+
  <code>google-authenticator</code>
  
If your terminal is big enough, it should display a QR code that you can scan with your phone. At this point it will ask you some questions about options (I answered yes to all). **You must answer yes to the time-based question, otherwise you will not be able to copy files onto ALCF (learned from experience)**
+
If your terminal window is big enough, it should display a QR code that you can scan with your authenticator app on your phone. At this point it will ask you some questions about options (I answered yes to all). **You '''MUST''' answer yes to the time-based question, otherwise you will not be able to copy files onto ALCF (learned from experience)**
  
Now open another terminal and log on to <code>jumpgate</code> with ssh just as we did before. Now, in addition to prompting for your ''password'', it will also prompt for a "Verification code:". In your authenticator app, find the auto-generated 6 digit code and enter it. If you've logged on successfully, then you are done. Otherwise, attempt to troubleshoot or reset the process with the <code>rm</code> command.
+
Now open a 3rd terminal and log on to <code>jumpgate</code> with ssh just as we did before. Because we have created a 2FA token, in addition to prompting for your ''password'', it will also prompt for a "Verification code:". In your authenticator app, find the auto-generated 6 digit code associated to the jumpgate machine and enter it in the "Verification code:" field. If you've logged on successfully, then you are done and can move on to setting up your VNC. Otherwise, attempt to troubleshoot or reset the process with the <code>rm -rf ~/.google_authenticator</code> command in the "backup" terminal you opened previously. If you have reset the process, close your primary and 3rd terminals, keep the backup terminal open, and open a new primary terminal and start the process over.
  
=== VNC ===
+
=== VNC - Viewing your PHASTA Machine Sessions ===
Most members of the group interact with these machines via a VNC, which provides an GUI interface. Setting up the VNC server is documented on the [[VNC]] page.
+
Most members of the group interact with the PHASTA machines via a VNC tool (Virtual Network Computing), which provides a graphical user interface (GUI) link between the PHASTA machines (server side) and your personal machine (client side). This connection permits you to interact with the PHASTA machines by using your personal machine as from any location with a secure internet connection. Setting up the VNC server is documented on the [[VNC]] page, and for the purpose of the On Ramp, follow the sections identified with steps 1 through 3. The remainder of the sections on the VNC page are options you can explore at a later time. Click [[VNC|here]] to set up your VNC and continue with the On Ramp.
  
 
== Machines ==
 
== Machines ==
Line 46: Line 55:
  
 
=== <code>viz003</code> ===
 
=== <code>viz003</code> ===
This is where most computationally intensive tasks are done. However, they should only be run for debugging or post-processing. Production runs should be run on servers outside of the group's local machines ([[CU Boulder RC|Summit]], [[NAS]], [[ALCF]], etc.)
 
 
=== <code>viz002</code> ===
 
 
This is where most computationally intensive tasks are done. However, they should only be run for debugging or post-processing. Production runs should be run on servers outside of the group's local machines ([[CU Boulder RC|Summit]], [[NAS]], [[ALCF]], etc.)
 
This is where most computationally intensive tasks are done. However, they should only be run for debugging or post-processing. Production runs should be run on servers outside of the group's local machines ([[CU Boulder RC|Summit]], [[NAS]], [[ALCF]], etc.)
  

Latest revision as of 12:36, 21 August 2024

This page documents the local machines owned by the group, logging in, and two factor authentication.

Logging In

The entry point for the group machines is jumpgate, which is accessed publicly via jumpgate-phasta.colorado.edu. We access this entry point by creating an SSH connection between it and our personal machines. To access the system via command line (terminal, command prompt, etc), simply run ssh USERNAME@jumpgate-phasta.colorado.edu. Note: if you are using Windows 8 or older, you will need to download and install an SSH client such as PuTTY, and follow the directions specified as Windows 8.

This video walks you through the multiple next steps you will take in order to access and interact with the PHASTA machines. wThe steps in the video are more thoroughly documented in the remainder of this page and the VNC page of the wiki.

To get started, open a command line terminal, enter ssh USERNAME@jumpgate-phasta.colorado.edu, and the login process will look like the following:

➜ ssh USERNAME@jumpgate-phasta.colorado.edu 
Password: 
Verification code:
**Windows 8** 
Open your PuTTY application and enter the following in the field that says "Host name:"
 USERNAME@jumpgate-phasta.colorado.edu
Next make sure that Connection type is set to "SSH". Click on "Open". This will start a terminal window session connected to jumpgate that will have the 
same output as the non-windows 8 instructions above.

where the Password: and Verification code: are prompts for you to enter in your password and 2FA pass code. Note the 2FA request for a verification code will not start occurring until after you setup 2fa as noted below.

Very little can/should be done on jumpgate. The most common use is to establish a tunnel for a VNC session. The second usage that must be done to set that up is connecting to portal1. This is done via ssh portal1 while on jumpgate.

Setting Up Two-Factor Authentication

Due to recent brute force ssh attacks we are moving to using two factor authentication (2FA). Existing users will have one week to switch over to this process. New users are expected to do this within 24 hours. This is pretty easy to setup as follows (from a terminal in your mac or linux laptop (and Windows if new enough)) or using PuTTY. All commands to be run are will be in code block. If you have not already established a connection with jumpgate (from the previous steps above), open a new terminal on your personal computer and enter the following:

ssh USERNAME@jumpgate-phasta.colorado.edu

This will prompt for your password (the private password you set or, if this is your first login, the one in the account creation email). Enter your password to log in. We will refer to this terminal as "Primary terminal" for the remainder of these instructions.

Next you need to download and install an authenticator application either for your computer or phone. There are several from Google, Microsoft, Twilio, etc (Google Authenticator works great). Launch that application on your phone or computer. In whatever mode it uses to create a new token generator, do that (often it opens with a QR code scanner enabled as it knows that is the easiest way to link the phone application to the QR scan created on the machine you are trying to access).

Before moving forward, start a second terminal connection to jumpgate by repeating the process above for establishing an ssh connection (PuTTY steps for Windows 8 users). We will refer to this second terminal connection as our "backup terminal". If at any point you want/need to reset, simply run rm -rf ~/.google_authenticator in the backup terminal.

Now, in your primary jumpgate terminal on your laptop type and enter:

google-authenticator

If your terminal window is big enough, it should display a QR code that you can scan with your authenticator app on your phone. At this point it will ask you some questions about options (I answered yes to all). **You MUST answer yes to the time-based question, otherwise you will not be able to copy files onto ALCF (learned from experience)**

Now open a 3rd terminal and log on to jumpgate with ssh just as we did before. Because we have created a 2FA token, in addition to prompting for your password, it will also prompt for a "Verification code:". In your authenticator app, find the auto-generated 6 digit code associated to the jumpgate machine and enter it in the "Verification code:" field. If you've logged on successfully, then you are done and can move on to setting up your VNC. Otherwise, attempt to troubleshoot or reset the process with the rm -rf ~/.google_authenticator command in the "backup" terminal you opened previously. If you have reset the process, close your primary and 3rd terminals, keep the backup terminal open, and open a new primary terminal and start the process over.

VNC - Viewing your PHASTA Machine Sessions

Most members of the group interact with the PHASTA machines via a VNC tool (Virtual Network Computing), which provides a graphical user interface (GUI) link between the PHASTA machines (server side) and your personal machine (client side). This connection permits you to interact with the PHASTA machines by using your personal machine as from any location with a secure internet connection. Setting up the VNC server is documented on the VNC page, and for the purpose of the On Ramp, follow the sections identified with steps 1 through 3. The remainder of the sections on the VNC page are options you can explore at a later time. Click here to set up your VNC and continue with the On Ramp.

Machines

jumpgate

This is the machine that allows you to "jump" to the other machines in the local network via ssh. It is simply the public-facing machine and should only be used as such.

portal1

This is where most of the non-computationally intensive tasks are done, such as text editing, moving files, etc. Effectively, if it takes longer than 5 seconds to run, you should probably think about running it on one of the viz* nodes.

viz003

This is where most computationally intensive tasks are done. However, they should only be run for debugging or post-processing. Production runs should be run on servers outside of the group's local machines (Summit, NAS, ALCF, etc.)

lab3

Windows machine for using Windows programs, such as SolidWorks. Accessing lab3 is different than with the other machines, see Access Lab3

ciscoX

These machines (cisco1, cisco2, etc.) are meant for computing and are accessed by submitting a job via PBS.

Using PBS for the cisco machines

Jobs submitted to PBS can either be scripted or interactive.

Interactive Job Example

matthb2@portal1:~$ soft add +pbs
matthb2@portal1:~$ qsub -I -l select=2:ncpus=24:mpiprocs=4 -q workq
qsub: waiting for job 1008.pbs to start
qsub: job 1008.pbs ready

matthb2@cisco1:~$ module load openmpi
matthb2@cisco1:~$ mpicc mpihello/mpihello.c
matthb2@cisco1:~$ mpirun ./a.out
Hello Parallel World
Rank: 1 Number is: 1
Rank: 2 Number is: 1
Rank: 3 Number is: 1
Rank: 0 Number is: 1
Rank: 5 Number is: 1
Rank: 4 Number is: 1
Rank: 6 Number is: 1
Rank: 7 Number is: 1
matthb2@cisco1:~$